The Trump Administration Is Deprioritizing Russia as a Cyber Threat

As the world grapples with an increasingly complex and ever-evolving cyber threat landscape, one nation that has consistently been at the forefront of this threat is Russia. From repeated election meddling to brazen, disruptive cyberattacks, Russia's cyber aggression against the United States and its longtime allies has been a persistent concern for years. However, in recent months, multiple actions from the Trump administration have recast the US stance on the cybersecurity threats posed by the Kremlin, downplaying the risks of Russian hackers as US adversaries.

Consistent US intelligence community assessments of Russia's activity in cyberspace and the threat it poses to the US would indicate that such a change in approach could put the US at risk. The deprioritization of the Russia threat has come in several different forms. For instance, US State Department deputy assistant secretary for international cybersecurity Liesyl Franz said during a speech in a United Nations working group last week that the US is concerned about digital attacks from China and Iran, but did not mention Russia.

A recent memo distributed at the Cybersecurity and Infrastructure Security Agency laid out priorities for the agency, focusing on China and defense of US systems, but it omitted any reference to Russia. Furthermore, on Friday, the cybersecurity news outlet The Record reported that, last week, Defense Secretary Pete Hegseth ordered US Cyber Command to stop all cyber operational planning against Russia, including offensive digital campaigns.

Crypto Bounty Hunters Racing to Track Down $1.4 Billion Stolen from ByBit

The hacking group known as Lazarus, which is allegedly working on behalf of the North Korean government, has stolen an astonishing $1.4 billion in cryptocurrency from the platform Bybit. The FBI has issued an alert asking the crypto industry not to launder the funds of those hackers and has released a list of Ethereum addresses associated with the stolen funds in an effort to help identify and seize any part of the funds before they can be cashed out.

Crypto tracing firm TRM Labs wrote in a post Thursday that around $400 million of the funds have already been moved and may have been successfully liquidated. This incident highlights the ongoing challenge of tracking down cyber thieves and recovering stolen funds in the fast-paced world of cryptocurrency.

An Italian Priest's Phone Hacked with Sophisticated Spyware

Italian priest Mattia Ferrari, who works with a migrant-rescue group and has a close relationship with the Pope, revealed this week that he received a warning from Meta that his phone had been hacked with sophisticated spyware from Israel-based Paragon. The news follows revelations that Luca Casarini, the founder of the NGO Mediterranea Saving Humans, where Ferrari served as a chaplain, also had his phone compromised by spyware, as did Italian investigative reporter Francesco Cancellato.

The string of spyware infections targeting Italian activists and a journalist raises the question of who might be carrying out the hacking operations, with opposition leaders calling on the administration of Italian prime minister Giorgia Meloni to address the issue. Pope Francis, who is currently in critical condition with pneumonia, has mentioned speaking to Ferrari on the phone during a TV interview in January, raising the question of whether the spies who hacked Ferrari's phone eavesdropped on a conversation with the pope himself.

A Disney Staffer's Malware Mishap Exposes Sensitive Information

In July, an entity calling itself “NullBulge” published a 1.1-TB trove of data stolen from Disney's internal Slack archive, setting off a frenzied cleanup effort as Disney rushed to get a handle on leaked revenue numbers, employee information like passport numbers, and sensitive customer information.

The breach occurred after a Disney employee, Matthew Van Andel, inadvertently downloaded malware onto his personal computer that collected his login credentials for a number of services, including, crucially, the password to his 1Password credential vault. “It’s impossible to convey the sense of violation,” he told The Wall Street Journal.

Van Andel also had his credit card numbers and other personal data stolen, and then lost his job as well when a Disney audit of his work computer alleged that he had accessed porn from the device. Van Andel denies the accusation.